So, through some research, I discovered that the attribute I was using is not replicated. So, throughout DC upgrades and replacements, these eventually dwindled to nothing. I confirmed through research that deactivating an account, does update the lastChanged attribute, and that attribute is synced. So I rewrote my script to look at that attribute instead. Thanks!
AD Does the last logon field get wiped after x amount of time from being deactivated?
Hello everyone,
I wrote a script a while back and part of that script deletes inactive accounts from a deactivated ou that have a lastlogin date older than 365 days. I noticed today that there are 560 accounts there still, and all of the lastlogon dates that are populated are newer than 3/28/2023. The rest are not set.
Could something else cause this field to be wiped.
Also, if these fields are expected to wipe, does someone have a better attribute to utilize. Essentially we want accounts to be deleted automatically 1 year after deactivating.
Thanks!
2 answers
Sort by: Most helpful
-
Deleted
This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
1 deleted comment
Comments have been turned off. Learn more
-